http://www.ietf.org/rfc/rfc2965.txt says in "Implementation Limits" browser should accept "at least 4096 bytes per cookie (as measured by the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie2 header, and as received in the Set-Cookie2 header)"